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DETAILED ACTION 

1 . This office action is in response to the RCE/amendment filed on 1/1 1/2008. 

2. Claims 1-5, 7, 9-1 1 and 13-17 are pending. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) wilich forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claim s 1-5, 7, 9-1 1 and 13-17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lee (US Patent 7047561 B1) in view of Inoue et al..(US Patent 
6167513). 

In regards to claim 1, Lee shows in figure 5 a packet processing method to using 
a firewall in association with real-time Internet applications. After layer 3 and layer 4 
processing is carried out at step 515, at step 520 the packet is split into TCP and UDP 
data. The process of figure 5 is carried out according to the functions of the network 
layers in figure 2, where layers 7 through 3 implement packet filter policy (establishing a 
policy manager). 

Subsequently in steps 550 and 555, packet filtering is applied (examining the 
packet via one or more filters in the policy manager). In further regards, figure 1 
illustrates a schematic diagram of a computer network Including a hybrid firewall 100 
inclusive of packet filter 106 (the policy manager having a set of policies represented by 
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filters). The packet filter 106 examines packets at layer 3 and layer 4 to selectively 
control the flow of data to and from networks 110 and 120. Packet filter 106, will follow 
predetermined security rules that specify which types of packets to allow to pass and 
which types of packets to block (see column 4, lines 40-45) (a first filter to examine a 
type of packet). 

Furthermore, packets are allowed or blocked based on layer 3 information such 
as destination IP address (see column 4, lines 46-50) (or a destination of the packet via 
a second filter ). 

Returning to figure 5, if at step 555, a packet is allowed to pass through; at 
subsequent steps 560 and 565, TCP and IP headers are respectively added. 

At step 565, an IP header is added to outgoing packet (dynamically detemriining 
whether to apply a mobile IP to the packet). 

In further regards to claim 1 , Lee fails to teach neither the filtering policies being 
applied on a mobile node using a mobile IP protocol nor associating mobile IP to the 
packet if the packet does not match with any of the filtering. Inoue teaches the above- 
mentioned limitation in figure 3 where a mobile IP network is shown with gateways 4a- 
4c and a mobile node 2. Furthermore, since a mobile IP network exists, Inoue is also 
reads on transmitting a packet via a mobile node (see figure 36, arrow going from MN 2 
to CH3). The gateways, carryout filtering according to prescribe security policies for the 
mobile node (see column 1 1 , lines 19-23). 

Furthermore, in figure 20 case 6, where the mobile node is in an external network 
(where being inside the home network reads on the filtering criteria) and a 
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correspondent host in the home network, mobile IP is applied (see column 30, lines 9- 
1 9) and the packet format used is from figure 4D. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 2, Lee shows in steps 565 an IP header added to a packet 
In regards to claim 3, Lee in combinations with Inoue teaches all the limitations of 

parent claims 1 and 2. Lee fails to show new source and destination addresses being 

added to an IP header. Inoue however shows in figure 7, an inner IP header being 

added with a new source and destination addresses. 

Therefore, it would have been obvious to one skilled in the art at the time the 

invention was made to incorporate the firewall processing method taught by Lee into a 

security policy implement by the gateways in the mobile IP network disclosed by Inoue. 

The motivation to do so would be to provide security for real time applications that use 

mobile IP. 

In regards to claim 4, figure 1 illustrates a schematic diagram of a computer 
network including a hybrid firewall 100 inclusive of packet filter 106. The packet filter 
106 examines packets at layer 3 and layer 4 to selectively control the flow of data to and 
from networks 110 and 120. Packet filter 106, will follow predetermined security rules 
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(criteria) that specify which types of packets to allow to pass and which types of packets 
to block (see column 4, lines 40-45) (filter to examine a type of packet). 

In further regards to claim 4, Lee shows in step 520, the data being split Into TCP 
and UDP data and in steps 550 and 560, UDP packet filtering policy is applied. 

In regards to claim 5, Lee shows in step 520, the data being split into TCP and 
UDP data and in steps 550 and 560, UDP packet filtering policy is applied. 

In regards to claim 7, Lee shows in figure 5 a packet processing method to using 
a firewall in association with real-time Internet applications. After layer 3 and layer 4 
processing is carried out at step 515, at step 520 the packet is split into TCP and UDP 
data. The process of figure 5 is carried out according to the functions of the network 
layers in figure 2, where layers 7 through 3 implement packet filter policy (establishing a 
policy manager). 

Subsequently in steps 550 and 555, packet filtering is applied (examining the 
packet via one or more filters in the policy manager). In further regards, figure 1 
illustrates a schematic diagram of a computer network including a hybrid firewall 100 
inclusive of packet filter 106 (the policy manager having a set of policies represented by 
filters). The packet filter 106 examines packets at layer 3 and layer 4 to selectively 
control the flow of data to and from networks 110 and 120. Packet filter 106, will follow 
predetermined security rules that specify which types of packets to allow to pass and 
which types of packets to block (see column 4, lines 40-45) (a first filter to examine a 
type of packet). 
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Furthermore, packets are allowed or blocked based on layer 3 Infonnation such 
as destination IP address (see column 4, lines 46-50) (or a destination of the packet via 
a second filter ). 

Returning to figure 5, if at step 555, a packet is allowed to pass through; at 
subsequent steps 560 and 565, TCP and IP headers are respectively added. 

At step 565, an IP header is added to outgoing packet (dynamically detemnining 
whether to apply a mobile IP to the packet). 

In further regards to claim 7, Lee fails to teach neither the filtering policies being 
applied on a mobile node using a mobile IP protocol nor associating mobile IP to the 
packet if the packet does not match with any of the filtering. Inoue teaches the above- 
mentioned limitation in figure 3 where a mobile IP network is shown with gateways 4a- 
4c and a mobile node 2. Furthermore, since a mobile IP network exists, Inoue is also 
reads on transmitting a packet via a mobile node (see figure 36, arroyv going from MN 2 
to CH3). The gateways, carryout filtering according to prescribe security policies for the 
mobile node (see column 1 1 , lines 19-23). 

Furthermore, in figure 20 case 6, where the mobile node is in an external network 
(where being inside the home network reads on the filtering criteria) and a 
correspondent host in the home network, mobile IP is applied (see column 30, lines 9- 
19) and the packet fomnat used is from figure 4D. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
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The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 9, Lee in combinations with Inoue teaches all the limitations of 
parent claim 7. Lee fails to show new source and destination addresses being added to 
an IP header. Inoue however shows in figure 7, an inner IP header being added with a 
new source and destination addresses. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claims 10 and 11, Lee shows in step 520, the data being split into 
TCP and UDP data and in steps 550 and 560, UDP packet filtering policy is applied and 
at step 570, packet is send out. 

In regards to claim 13, Lee shows in figure 5 a packet processing method to 
using a firewall in association with real-time Internet applications. After layer 3 and 
layer 4 processing is carried out at step 515, at step 520 the packet is split into TCP and 
UDP data. The process of figure 5 is carried out according to the functions of the 
network layers in figure 2, where layers 7 through 3 implement packet filter policy 
(establishing a policy manager). 
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Subsequently in steps 550 and 555, packet filtering is applied (examining the 
packet via one or more filters in the policy manager). In further regards, figure 1 
illustrates a schematic diagram of a computer network including a hybrid firewall 100 
inclusive of packet filter 106 (the policy manager having a set of policies represented by 
filters). The packet filter 106 examines packets at layer 3 and layer 4 to selectively 
control the flow of data to and from networks 110 and 120. Packet filter 106, will follow 
predetermined security rules that specify which types of packets to allow to pass and 
which types of packets to block (see column 4, lines 40-45) (a first filter to examine a 
type of packet). 

Furthermore, packets are allowed or blocked based on layer 3 information such 
as destination IP address (see column 4, lines 46-50) (or a destination of the packet via 
a second filter). 

Returning to figure 5, if at step 555, a packet is allowed to pass through; at 
subsequent steps 560 and 565, TCP and IP headers are respectively added. 

At step 565, an IP header is added to outgoing packet (dynamically determining 
whether to apply a mobile IP to the packet). 

In further regards to claim 13, Lee fails to teach neither the filtering policies being 
applied on a mobile node using a mobile IP protocol nor associating mobile IP to the 
packet if the packet does not match with any of the filtering. Inoue teaches the above- 
mentioned limitation in figure 3 where a mobile IP network is shown with gateways 4a- 
4c and a mobile node 2. Furthermore, since a mobile IP network exists, Inoue is also 
reads on transmitting a packet via a mobile node (see figure 36, arrow going from MN 2 
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to CHS). The gateways, carryout filtering according to prescribe security policies for the 
mobile node (see column 1 1 , lines 19-23). 

Furthermore, in figure 20 case 6, where the mobile node is in an external network 
(where being inside the home network reads on the filtering criteria) and a 
correspondent host in the home network, mobile IP is applied (see column 30, lines 9- 
19) and the packet fomnat used is from figure 4D. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 14, Lee shows in steps 565 an IP header added to a packet. 

In regards to claim 15, Lee in combinations with Inoue teaches all the limitations 
of parent claims 13 and 14. Lee fails to show new source and destination addresses 
being added to an IP header, inoue however shows in figure 7, an inner IP header 
being added with a new source and destination addresses. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy Implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 
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In regards to claim 16, figure 1 illustrates a schematic diagram of a computer 
network including a hybrid firewall 100 inclusive of packet filter 106. The packet filter 
106 examines packets at layer 3 and layer 4 to selectively control the flow of data to and 
from networks 110 and 120. Packet filter 10(5, will follow predetermined security rules 
(criteria) that specify which types of packets to allow to pass and which types of packets 
to block (see column 4, lines 40-45) (filter to examine a type of packet). 

In further regards to claim 16, Lee shows in step 520, the data being split into 
TCP and UDP data and in steps 550 and 560, UDP packet filtering policy is applied. 

In regards to claim 17, Lee shows in step 520, the data being split into TCP and 
UDP data and in steps 550 and 560, UDP packet filtering policy is applied. 

Response to Arguments 
5. Applicant's arguments with respect to claims 1-5, 7, 9-1 1 and 13-17 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jay P. Patel whose telephone number is (571) 272- 
3086. The examiner can normally be reached on M-F 9:00 am - 5:00 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Edan Orgad can be reached on (571) 272-7884. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infomnation for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Examiner 
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